ElcomSoft Co. Ltd. has discovered vulnerability in Canon Original Data Security, a verification system to provide image data verification features intended to authenticate image originality. The vulnerability allows extracting the original signing key from a Canon digital camera and using the key to put an authenticity signature to a photo or any digital image, which will be validated as an original and authentic.

The vulnerability discovered by ElcomSoft questions the authenticity of all Canon signed photographic evidence and published photos, and effectively proves the entire Canon Original Data Security system useless.

you could send all your edited images to competitions or agencys who only accept images who are tagged as "original".

or good to know when you are facing a lawsuite....

i wonder if CANON will replace the expensive Original Data Security Kits hardware.

updating the hardware will not to work as ist seems:

Quote

Summary: What Canon can do?â€¢ With currently available models â€“ nothingâ€¢ With future models:â€“ Implement HMAC calculation incryptoprocessor which does not exposesecret keyâ€“ Prevent camera from running non-Canonâ€™scode to avoid illegal usage of cryptoprocessorâ€¢ Hire people who really understandssecurity

itÂ´s a shame that canon has not informed the people who trust them and bought these expensive Data Security Kit hardware.

CANON knows this problem since september.

i would want my money back... at least when i bought the Data Security Kit after september 2010.

The trimphant moment when the Russians landed on the moon? No, a doctored photo from Elcomsoft illustrating how it cracked Canon technology to detect photo tampering.Thereâ€™s a new reason to take note of a Russian programmer who rose to modest fame with his detainment in the United States in 2001: his work to help crack encryption used in Canon cameras.The programmer and encryption expert is Dmitry Sklyarov, and his company, Elcomsoft, has found a vulnerability in Canonâ€™s OSK-E3 system for ensuring that photos such as those used in police evidence-gathering havenâ€™t been tampered with.The result is that the company can create doctored photos that the technology thinks are authentic. To illustrate its point, it released a few doctored photos that it says passes the Canon integrity checks.â€œThe vulnerability discovered by ElcomSoft questions the authenticity of all Canon signed photographic evidence and published photos and effectively proves the entire Canon Original Data Security system useless,â€ the company said in a statement. Sklyarov presented the findings at the Confidence 2.0 conference last week.Canon didnâ€™t immediately respond to a request for comment.Stalin invented the iPhone? One falsified image from ElcomSoft the company says fools Canon&#39;s tamper-detection technology.Sklyarov discussed his methods in a conference presentation (PDF). In it, he offered some advice on how Canon could fix the issue in future cameras. Along with the technical advice was this: â€œHire people who really understand security.â€Wait, which country gave the Statue of Liberty to the U.S. as a present? Another doctored Elcomsoft image.(Credit: Elcomsoft)Sklyarovâ€™s earlier fame came when the FBI arrested him after presenting information about cracking encryption of an Adobe Systems eBook electronic book format. He was charged with criminal violations of the Digital Millennium Copyright Act (DMCA). Adobe backed off from its support of the case after programmer protests, though, and Sklyarov was acquitted.